Release 1.11.0

[DennisDyallo]

This merges the changes from the 1.11 release into the develop branch.

1.11.0 Release

Release date: June 28th, 2024

This release introduces significant enhancements and new features for the latest YubiKeys, including support for
firmware version 5.7, which allows for temporary disabling of NFC connectivity and checking PIN complexity status.
It also expands RSA key support in PIV to 3072 and 4096-bit keys, and includes improvements for YubiKey Bio and
Multi-Protocol Edition keys.
Additionally, there are optimizations in USB reclaim speed and adjustments to the touch sensor sensitivity and a few bug
fixes.
Several command classes have been deprecated due to changes in how device info is read by the SDK, and integration test
guardrails have been implemented for better security.

Features:

• Support for YubiKeys with the latest firmware (version 5.7):
  • NFC connectivity can now be temporarily disabled with SetIsNfcRestricted() (#91).
  • Additional property pages on the YubiKey are now read into YubiKeyDeviceInfo (#92).
  • PIN complexity status can be checked with IsPinComplexityEnabled (#92).
  • PIN complexity specific error messages and exceptions (#112).
  • The set of YubiKey applications that are capable of being put into FIPS mode can be retrieved with FipsCapable. The set of YubiKey applications that are in FIPS mode can be retrieved with FipsApproved (#92).
  • The part number for a key’s Secure Element processor, if available, can be retrieved with PartNumber (#92).
  • The set of YubiKey applications that are blocked from being reset can be retrieved with ResetBlocked (#92).
  • PIV: 3072 and 4096 RSA keys can now be generated and imported (#100).
  • PIV: Keys can be moved between the different slots on the YubiKey. Any key except the attestation key can be moved from one slot to another (#103).
• Support for YubiKey Bio/Bio Multi-Protocol Edition keys:
  • Get bio metadata (#108)
  • Added new verification policy enum values (PIN_OR_MATCH_ONCE, PIN_OR_MATCH_ALWAYS) (#108)
  • Bio user verification (#108)
  • Device Reset (#110)
• The USB reclaim speed, which controls the time it takes to switch from one YubiKey application to another, has been reduced for compatible YubiKeys. To use the previous 3-second reclaim timeout for all keys, see UseOldReclaimTimeoutBehavior (#93).
• The sensitivity of the YubiKey’s capacitive touch sensor can now be temporarily adjusted with SetTemporaryTouchThreshold (#95).

Bug fixes:

• Update ManagementKeyAlgorithm on PIV Application reset (#105).
• Queue macOS input reports so that large responses aren't dropped (#84).
• Default back to old SCardConnect behavior. Reverts the change in behavior to open smart card handles exclusively. Instead now defaults back to shared like it was before, but allows for applications to toggle between the new and old behavior through the use of AppContext.SetSwitch (#83).

Miscellaneous:

• The way that YubiKey device info is read by the SDK has changed, and as a result, the following GetDeviceInfo command classes have been deprecated (#91):
  • Yubico.YubiKey.Management.Commands.GetDeviceInfoCommand
  • Yubico.YubiKey.Otp.Commands.GetDeviceInfoCommand
  • Yubico.YubiKey.U2f.Commands.GetDeviceInfoCommand
  • Yubico.YubiKey.Management.Commands.GetDeviceInfoResponse
  • Yubico.YubiKey.Otp.Commands.GetDeviceInfoResponse
  • Yubico.YubiKey.U2f.Commands.GetDeviceInfoResponse
• The correct certificate OID friendly names are now used for ECDsaCng (nistP256) and ECDsaOpenSsl (ECDSA_P256) (#78).
• Integration test guardrails have been added to ensure tests are done only on specified keys. (#100).
• Fixed build issue when compiling Yubico.NativeShims on MacOS (#109).
• Run unit tests on all platforms in CI (#80).

Dependencies:

• Update xUnit and Microsoft.NET.Test.Sdk (#94).

[github-actions]

Package	Line Rate	Branch Rate	Complexity	Health
Yubico.Core	42%	31%	4257	➖
Yubico.YubiKey	50%	47%	19089	➖
Summary	49% (31990 / 65940)	44% (8185 / 18519)	23346	➖

Minimum allowed line rate is 40%